<?php
/********************************************************************/
/* Programmer: Scott Gildersleeve                 					*/
/*       Date: 2/1/2013                           					*/
/*  Page Name: login.php                           					*/
/*                                                					*/
/********************************************************************/

/********************************************************************/
/* PHP Login System                               					*/
/*                                                					*/
/********************************************************************/

/********************************************************************/
/*   Date        Reviser       Revision           					*/
/* --------     ---------     ----------          					*/
/* 2/4/13       S. Gilder     Integration with    					*/
/*                            FirstPage.html      					*/
/* 2/9/13       D. Widjaya    Change redirect page to main.php      */
/* 2/9/13       S. Gilder     Added avatar to session variable      */
/*                                                					*/
/********************************************************************/
   
/* FUNCTIONS */
require_once('functions.php');
require_once('PasswordHash.php');
require_once('webservices.php');
require_once('session_handler.php');
   
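/**
 * Authenticates the visitor from the submitted UserName / Password pair and
 * redirects according to the outcome.
 *
 * Nothing happens when check_login() (functions.php) reports that the session
 * already holds the required login data. Otherwise the account row is looked
 * up by lower-cased e-mail through a prepared statement and the stored hash
 * is checked with validate_password(). On success the user id, avatar and
 * power id are written to $_SESSION and the browser is sent to main.php; on
 * failure it is sent back to FirstPage.php with a field marker.
 *
 * The function only emits headers and returns; it never terminates the
 * script itself, so callers that include this file keep control.
 *
 * @return void
 */
function login_main()
{
    session_handler_start();

    // Already logged in: nothing to do.
    if (check_login())
    {
        return;
    }

    // NOTE(review): $_REQUEST also accepts these fields from the query string
    // and from cookies, so a password can end up in URLs, access logs and
    // Referer headers. Switch to $_POST once the login form is confirmed to
    // submit with method="post".
    //
    // Only scalar strings are accepted. A crafted request such as
    // UserName[]=x would otherwise hand an array to strtolower(), which is a
    // TypeError on PHP 8 and was previously hidden by the @ operator.
    $email = '';
    if (isset($_REQUEST['UserName']) && is_string($_REQUEST['UserName']))
    {
        $email = strtolower($_REQUEST['UserName']);
    }

    $password = '';
    if (isset($_REQUEST['Password']) && is_string($_REQUEST['Password']))
    {
        $password = $_REQUEST['Password'];
    }

    // When mysqli runs in exception mode the calls below throw instead of
    // returning false; the explicit checks cover the non-exception mode.
    $database = mysqli_connect($GLOBALS['SERVER_ADDRESS'], $GLOBALS['SERVER_USERNAME'], $GLOBALS['SERVER_PASSWORD'], 'cs414');
    if (!$database)
    {
        // Details go to the server log only, never to the client.
        error_log('login.php: database connection failed: ' . mysqli_connect_error());
        header('HTTP/1.1 500 Internal Server Error', true, 500);
        return;
    }

    $queryOk   = false;
    $userFound = false;
    $dbError   = '';

    $stmt = $database->prepare("SELECT salt_hash, user_id, avatar, power_id FROM cs_authentication where email = ?;");
    if ($stmt)
    {
        $stmt->bind_param("s", $email);
        if ($stmt->execute())
        {
            $stmt->bind_result($fetchedPassword, $fetchedUserID, $fetchedAvatar, $fetchedPowerId);
            $queryOk = true;
            // fetch() yields true for a row, null for no row, false on error.
            $userFound = ($stmt->fetch() === true);
        }
        else
        {
            $dbError = $stmt->error;
        }
        $stmt->close();
    }
    else
    {
        $dbError = $database->error;
    }

    // Release the connection on every path, not only after a successful login.
    mysqli_close($database);

    if (!$queryOk)
    {
        error_log('login.php: credential lookup failed: ' . $dbError);
        header('HTTP/1.1 500 Internal Server Error', true, 500);
        return;
    }

    // NOTE(review): the two failure markers below (invEml / invPsd) let a
    // client tell whether an e-mail address is registered. Consider a single
    // generic marker once FirstPage.php can display one.
    if (!$userFound)
    {
        header("Location: FirstPage.php?field=invEml");
        return;
    }

    if (!validate_password($password, $fetchedPassword))
    {
        header("Location: FirstPage.php?field=invPsd");
        return;
    }

    // Issue a fresh session id at the privilege change so an id that was
    // known before authentication cannot be reused afterwards (session
    // fixation). Assumes session_handler_start() opened the session; the
    // guard skips the call when no session id exists.
    if (session_id() !== '')
    {
        session_regenerate_id(true);
    }

    // Any further per-user data needed for the session should be added to the
    // SELECT above and stored here.
    $_SESSION['userid']  = $fetchedUserID;
    $_SESSION['avatar']  = $fetchedAvatar;
    $_SESSION['powerId'] = $fetchedPowerId;

    header("Location: main.php");
}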

// Run the login flow only when this script is the request entry point: the
// backtrace is empty in that case, whereas an include/require from another
// file leaves at least one frame, so including the file only defines
// login_main() without executing it.
if (count(debug_backtrace()) === 0) {
    login_main();
}
?>